Lucene search
+L

67 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-38482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: das6402: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: / IRQs 2,3,5,6,7, 10,11,15 are valid for...

7.1CVSS6.6AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 1:54 p.m.5 views

BIT-LIBPHP-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

5.3CVSS7.3AI score0.12117EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.4 views

PDF-XChange Editor 缓冲区错误漏洞

PDF-XChange Editor is a PDF-XChange company running on Microsoft Windows systems in the PDF file viewer software. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...

3.3CVSS5.9AI score0.00211EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/06/17 6:31 p.m.5 views

CVE-2025-49848

An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data...

8.4CVSS5.8AI score0.00155EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/21 7:15 p.m.10 views

CVE-2000-1237

The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing...

5CVSS7.4AI score0.01212EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 2:12 p.m.12 views

CVE-2025-22044 acpi: nfit: fix narrowing conversion in acpi_nfit_ctl

In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpinfitctl Syzkaller has reported a warning in tonfitbusuuid: "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMMBUSFAMILYNFIT == 0...

5.5CVSS6.3AI score0.00199EPSS
Exploits0References13
OSV
OSV
added 2025/03/03 5:15 p.m.6 views

CVE-2025-0285

Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits...

7.8CVSS5.9AI score0.00318EPSS
Exploits0References3
OSV
OSV
added 2025/01/14 7:19 p.m.20 views

BIT-PHP-MIN-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

5.3CVSS6.7AI score0.12117EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/12/30 12:0 a.m.4 views

Ashlar Vellum Cobalt 安全漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from a lack of proper validation of user-supplied data. An attacker could exploit the vulnerability to execute code in the...

7.8CVSS7.7AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/25 12:0 a.m.5 views

PT-2024-16882 · WordPress · Woocommerce Point Of Sale

Name of the Vulnerable Software and Affected Versions: WooCommerce Point of Sale plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is due to insufficient validation on the logged in user id value when option values are empty, allowing attackers to change the email o...

9.8CVSS9.8AI score0.01484EPSS
Exploits0References12
OSV
OSV
added 2024/11/25 10:15 p.m.1 views

DEBIAN-CVE-2024-53098

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...

7.8CVSS5.7AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.7 views

Brokerage Wave 安全漏洞

Brokerage Wave is a frontend product from Brokerage, Inc. A security vulnerability exists in Brokerage Wave version 2.0, which stems from an exception mishandling of invalid inputs by an API endpoint, which allows an attacker to generate an error message containing sensitive information about the...

7.1CVSS6.5AI score0.00343EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.7 views

PT-2024-34704 · Wave 2.0 · Wave 2.0

Name of the Vulnerable Software and Affected Versions: Wave 2.0 Description: This issue is caused by improper exception handling for invalid inputs at a certain API endpoint. An authenticated remote attacker could exploit this by providing invalid inputs for the userId parameter in the API reques...

7.1CVSS6.7AI score0.00343EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.7 views

PT-2024-35561

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the drm/xe/ufence component, where the access ok function only checks for address overflow, but not for...

7.8CVSS5.5AI score0.00214EPSS
Exploits0
OSV
OSV
added 2024/08/17 9:15 a.m.10 views

AZL-47835 CVE-2024-42284 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipcudpaddr2str on error tipcudpaddr2str should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipcmediaaddrprintf. Fix this by returni...

7.8CVSS6.6AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2024/07/11 1:4 a.m.18 views

MGASA-2024-0262 Updated php packages fix security vulnerability

This update ships the latest version of php 8.2. It brings fixed security issues and the usual bug fixes. Vulnerability: A code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information...

5.3CVSS5.9AI score0.12117EPSS
Exploits1References5
OSV
OSV
added 2024/06/19 11:13 a.m.6 views

USN-6841-1 php7.4, php8.1, php8.2, php8.3 vulnerability

It was discovered that PHP could early return in the filtervar function resulting in invalid user information being treated as valid user information. An attacker could possibly use this issue to expose raw user input information...

5.3CVSS6.7AI score0.12117EPSS
Exploits1References2
OSV
OSV
added 2024/06/12 7:30 a.m.40 views

BIT-PHP-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

5.3CVSS6.7AI score0.12117EPSS
Exploits1References8
NVD
NVD
added 2024/06/09 7:15 p.m.61 views

CVE-2024-5458

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

5.3CVSS0.12117EPSS
Exploits1References7
OSV
OSV
added 2024/06/09 7:15 p.m.8 views

AZL-42430 CVE-2024-5458 affecting package php for versions less than 8.1.29-1

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

5.3CVSS6.7AI score0.12117EPSS
Exploits1References1
Rows per page
Query Builder